Release Date: 14/02/2021 | Issue: 74
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

This week's articles

Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies   #ci/cd, #attack
Squatting valid internal package names is a nearly sure-fire method to get into the networks of some of the biggest tech companies out there, gaining remote code execution, and possibly allowing attackers to add backdoors during builds.

Building a secure CI/CD pipeline for Terraform Infrastructure as Code   #aws, #ci/cd, #build
How the OVO team created a model for delivering infrastructure changes with robust security practices, and used to it build a secure Terraform CI/CD solution for AWS.

Defending Infrastructure as Code in GitHub Enterprise   #ci/cd, #defend
Paper examining a common deployment of infrastructure as code via GitHub Enterprise and HashiCorp Terraform, explores an attack scenario, examines attacker tradecraft within the context of the MITRE ATT&CK framework, and makes recommendations for defensive controls and intrusion detection techniques.

Initial Reaction to AWS Audit Manager   #aws, #explain
AWS Audit Manager is not quite there yet. The intent of the service is clear and you can begin to see the foundation of what this service could be. There are a few gaps that AWS Audit Manager will have to continue to improve upon to make this service usable for its customers.

Opting out of AWS AI data usage   #aws, #build
Why you should opt out of the AI data usage on AWS, how to do that, and how to confirm you did it correctly.

Learn How To Create Network Policies for Kubernetes   #k8s, #build
Tutorial that will teach you how to create a network policy using the Cilium Editor. It explains basic network policy concepts and guides you through the steps needed to achieve the desired least-privilege security policy.

Getting started with Kubernetes audit logs and Falco   #k8s, #monitor
What the Kubernetes audit logs are, what information they provide, and how to integrate them with Falco to detect suspicious activity in your cluster.

Enforce Custom Resource policies with Open Policy Agent Gatekeeper   #k8s, #defend
How to use Open Policy Agent and its Gatekeeper project to enforce policies when creating custom resources.

Wait Conditions in the Kubernetes Provider for HashiCorp Terraform   #terraform, #build
HashiCorp recently improved the wait_for configurations on several resources, as well as introduced an entirely new generic waiter. The new and improved configuration options allow you to specify whether Terraform should wait for a specific condition, or not, before continuing to apply your configuration or complete successfully.


Generate basic AWS IAM policies using client-side monitoring of calls made from the AWS CLI or SDKs.

Another way to enumerate AWS IAM users/roles without being authenticated to the victim account.

Cloudlist is a tool for listing Assets (Hostnames, IP Addresses) from multiple Cloud Providers.

kCTF is a Kubernetes-based infrastructure for CTF competitions.

From the cloud providers

AWS Icon  New digital curriculum: Managing Amazon S3
AWS announced a free new digital curriculum: Managing Amazon Simple Storage Service, which covers techniques to simplify the management of S3 storage.

AWS Icon  Use new account assignment APIs for AWS SSO to automate multi-account access
How you can programmatically assign and audit access to multiple AWS accounts for your AWS Single Sign-On (SSO) users and groups, using the AWS Command Line Interface (AWS CLI) and AWS CloudFormation.

GCP Icon  Don't fear the authentication: Google Drive edition
Just as you can share a Drive folder with a person, you can also share a Drive folder with an IAM service account. Or a Sheet, or a Doc. Whatever it is you want to integrate into your GCP application.

GCP Icon  6 best practices for effective Cloud NAT monitoring
Best practices for effective Cloud NAT monitoring in GCP: monitor port utilization, monitor the reasons behind Cloud NAT drops, leverage log-based metrics, monitor top endpoints and their drops, baseline a normalized error rate.

GCP Icon  Centrally Managing Artifact Registry Container Image Vulnerabilities on Google Cloud
How to utilize Pub/Sub and Cloud Functions to store project level container image vulnerabilities in a centralized service or location.

GCP Icon  Google Cloud samples
Search for samples demonstrating the usage of Google Cloud products, across ML APIs, Storage, serverless, and more. You can filter by language and product.

Azure Icon  Azure DDoS Protection - 2020 year in review
The prevalence of Distributed Denial-of-Service (DDoS) attacks in 2020 has grown more than 50 percent with increasing complexity and a significant increase in the volume of DDoS traffic.

Azure Icon  Baseline architecture for an Azure Kubernetes Service (AKS) cluster
Recommendations for networking, security, identity, management, and monitoring of AKS clusters based on an organization's business requirements.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.